If the police want to read copies of a snail-mail letter you've received, they generally need to get a warrant. But the situation is different for e-mail. Under the terms of the 1986 Electronic Communications Privacy Act, e-mail older than six months is considered abandoned. Authorities can obtain copies of it with no judicial oversight.

When Congress established this rule, modern cloud e-mail services were still far in the future. Network storage was expensive, so it was assumed that users would delete messages from servers after reading them. Today, of course, people routinely leave years worth of e-mail sitting on the servers of webmail providers, making them vulnerable to government snooping.

The need for reform has been obvious for years, but recent events have created a greater sense of urgency. On Thursday, the Senate Judiciary Committee will meet to "mark up" a bill to reform ECPA. The House Judiciary Committee held a hearing on e-mail privacy last month.

Ars talked to Chris Calabrese, an attorney at the American Civil Liberties Union, about the privacy proposals Congress is considering. He told us that the leading proposals would affect much more than e-mail.

The legislation under consideration in the Senate was proposed by Patrick Leahy (D-VT), the chairman of the Judiciary Committee, and Mike Lee (R-UT), a senator with strong ties to the Tea Party. Calabrese told us that the Leahy-Lee bill "would require a warrant for all private electronic content. So it's e-mails, it's texts, Google Docs, it's photos in Picasa, it's private social networking posts."

Right now, under the so-called third-party doctrine, "anything that's not a communication, like a Google Doc, is accessible with a subpoena." Calabrese argued that reforms were needed not only to protect Americans' privacy, but also to promote the growth of companies offering cloud-based services. He believes that documents stored on cloud-based services should enjoy the same robust Fourth Amendment protections as conventional paper documents.

The ACLU supports Leahy's bill, and Calabrese said he hoped the legislation could be approved by the Judiciary Committee on a simple voice vote. Sen. Chuck Grassley (R-IA), an influential Republican on the Judiciary Committee, has expressed support for the legislation.

"I have long believed that our government should obtain a search warrant—issued by a court—before gaining access to private communications," Leahy said last week, according to The Hill. "I have worked over the last several years to update our federal privacy laws to better safeguard our privacy rights in the digital age."

E-mail privacy is also being considered by the House of Representatives. Rep. Zoe Lofgren (D-CA) has introduced legislation with Rep. Ted Poe (R-TX) that would beef up privacy protections for both e-mail and location tracking.

Location tracking is the subject of a separate hearing being held by the House Judiciary Committee on Thursday. In the Senate, a separate bill by Sen. Ron Wyden (D-OR) and Mark Kirk (R-IL) would increase legal protections for location privacy. Calabrese said it was unclear whether Congress would eventually pass a single bill addressing both issues, or whether they would be considered separately.

I might be wrong but wouldn't this bill... well... do practically nothing if cispa passes? :x

Exactly what I've been wondering. Either our members of Congress have no concept of what either bill is about, they know what both bills are about and know that one will essentially cancel the other out for most people, or a combination of both. I really can't see any other reason for the drastically different "mood" of congress with regards to these two proposals.

I suppose that people that manage their own email outside the hands of any corporation could be protected by this new legislation while being unaffected (mostly) by CISPA. Of course, that is very hard to do for most people.

It's about time, but this rule should also extend to any 3rd party storage allocated for private personal use. Such storage is the digital equivalent of renting an apartment, and should have roughly the same protections against searches.

On one hand Congress can say "we're not allowing warrantless searches anymore" while the other hand is allowing it to happen under the guise of "national security" or "anti-terrorism." Afterall, you're not a terrorist, right? This is the logic as I see them spinning it to us even without admitting it. If this law passes it's meaningless with CISPA on the books.

I hate to be cynical, but I'll be totally shocked if our representatives pass anything this reasonable. The Homeland Security people will be coming out of the woodwork to foretell the end of civilization as we know it.

What we're going to have is drives supporting hardware encryption, and PCs and operating systems coming with TPMs and everything necessary to enable it. Concerned individuals and businesses will either not store sensitive data in "the cloud," or they'll encrypt it first. This can already be done with certain applications, services like SpiderOak, and dedicated encryption apps like TrueCrypt.

For many law abiding citizens, this will be less a response to government overreach than to the threat of identity theft. Either way, the effect is the same - someone is after your private data, and you are the only one who can protect yourself. Given federal criminal cases like Aaron Swartz and David Nosal, I wonder how many innocent parties could survive a federal forensic investigation if they want you badly enough.

The legislation under consideration in the Senate was proposed by Patrick Leahy (D-VT), the chairman of the Judiciary Committee, and Mike Lee (R-UT), a senator with strong ties to the Tea Party. Calabrese told us that the Leahy-Lee bill "would require a warrant for all private electronic content. So it's e-mails, it's texts, Google Docs, it's photos in Picasa, it's private social networking posts."

Let hope this passes without being watered down too much. This will be a great victory if the final bill lives up to requiring a warrant for private electronic content.

I see you found my old DEC MicroVAX II. That was one heavy deskside tower. After a few years of VAXen and DECstations and rackmount network gear I swore I was never going to buy another host that wasn't a laptop. I think I got the Sun 1000D for a home video distribution server (over OC-3 ATM!) and the 64-bit Alpha workstation after that...

I might be wrong but wouldn't this bill... well... do practically nothing if cispa passes? :x

Exactly what I've been wondering. Either our members of Congress have no concept of what either bill is about, they know what both bills are about and know that one will essentially cancel the other out for most people, or a combination of both. I really can't see any other reason for the drastically different "mood" of congress with regards to these two proposals.

I suppose that people that manage their own email outside the hands of any corporation could be protected by this new legislation while being unaffected (mostly) by CISPA. Of course, that is very hard to do for most people.

Edited to finish up sentence fragment.

This bill would be a paliative to CISPA... or more appropriately, a placebo.

Too bad they don't have the gull to repeal the unconstitutional FISA Amendments Act of 2008. Why are we keeping some illegal act illegal but others "legal?" Because they admitted to committing treason when they passed the FISA amendment?

On one hand Congress can say "we're not allowing warrantless searches anymore" while the other hand is allowing it to happen under the guise of "national security" or "anti-terrorism." Afterall, you're not a terrorist, right? This is the logic as I see them spinning it to us even without admitting it. If this law passes it's meaningless with CISPA on the books.

^yeah, basically as long as fear mongering allows power to go unchecked then the people suffer.

I am glad Congress finally come to their sense concerning privacy. Though it's a bit too late I shall say. Will this bill matter at all with all these special modified hacking tools FBI currently using? Same ol' same ol', nothing will change much. But it's a dream to us, right? Yes, it's only a dream.

Timothy B. Lee / Timothy covers tech policy for Ars, with a particular focus on patent and copyright law, privacy, free speech, and open government. His writing has appeared in Slate, Reason, Wired, and the New York Times.